US7062660B2 - Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority - Google Patents

Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority Download PDF

Info

Publication number
US7062660B2
US7062660B2 US09/922,618 US92261801A US7062660B2 US 7062660 B2 US7062660 B2 US 7062660B2 US 92261801 A US92261801 A US 92261801A US 7062660 B2 US7062660 B2 US 7062660B2
Authority
US
United States
Prior art keywords
file system
user
authority
mount operation
perform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US09/922,618
Other versions
US20030028508A1 (en
Inventor
Joseph Quinlan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Twitter Inc
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US09/922,618 priority Critical patent/US7062660B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: QUINLAN, JOSEPH
Publication of US20030028508A1 publication Critical patent/US20030028508A1/en
Application granted granted Critical
Publication of US7062660B2 publication Critical patent/US7062660B2/en
Assigned to TWITTER, INC. reassignment TWITTER, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INTERNATIONAL BUSINESS MACHINES CORPORATION
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TWITTER, INC.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TWITTER, INC.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TWITTER, INC.
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F2003/0697Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers device management, e.g. handlers, drivers, I/O schedulers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99939Privileged access

Definitions

  • This invention relates to a method and apparatus for controlling the performance of a file system mount operation in an information handling system by a user lacking superuser authority. More particularly, it relates to a method and apparatus for controlling the performance of a mount or unmount operation by such a user on a UNIX file system.
  • Operating systems are the software components that perform basic system services for application programs running on a computer system.
  • operating systems manage the use by application programs of various system resources such as data files, executable program files, hardware resources such as processors and memory, and the like.
  • An important subset of operating systems is that of UNIX-based operating systems, so called because they conform in varying degrees to a set of standards established by the original operating system of that name created at AT&T Bell Laboratories.
  • UNIX-based operating systems are discussed in more detail in such publications as K. Christian, The UNIX Operating System (1988), and A. S. Tanenbaum, Modern Operating Systems (1992), especially at pages 265–314, both of which publications are incorporated herein by reference.
  • a file system 100 on a hard disk may contain a root directory (/), which may contain subdirectories a and b, with subdirectory a in turn containing subdirectories c and d.
  • Subdirectory c may contain files p and q, while subdirectory d may contain a file r.
  • a file system 102 on a diskette may contain a root directory (/) containing files x, y and z.
  • each directory may contain zero or more subdirectories and zero or more files.
  • the full path name with the chain of subdirectories from the root directory, is used.
  • file r is more fully identified as /a/d/r.
  • the root directory of the file system is the root directory on the corresponding drive. More generally, any directory on a drive, along with its dependent directories and files, can be regarded as a file system in its own right. This, on the hard disk in FIG. 1 , the file system /a would contain files p, q and r, while the file system /a/d would contain file r.
  • Hierarchical file systems have the advantage over “flat” file systems that they allow one to keep related files with one another and separated from unrelated files.
  • FIG. 1 there is no logical association between hard disk file system 100 and the diskette file system 102 ; rather, they are separate file systems with their separate directory structures.
  • a user would have to identify not only the location of the file within its file system (using the path name as indicated above), but also the file system (usually by a drive letter) as well.
  • file r might be fully specified as H:/a/d/r
  • file x might be fully specified as D:/x.
  • UNIX employs a concept known as mounting, in which an entire first file system is placed (or “mounted”, to use the UNIX terminology) with its hierarchical tree structure intact in a directory of a second file system, so that all files can be referenced from within a single file system.
  • the file system 102 of FIG. 1 can be placed in subdirectory b (the “mount point”) to create the single file system 200 shown in FIG. 2 .
  • file r can be referenced as /a/d/r, and file x as /b/x, without any need to specify a file system.
  • the mount operation described above would typically be initiated by a user entering a shell command known as a mount command from a keyboard of an operator console or the user's workstation. To reverse the mount operation, the user would enter an unmount command.
  • mounting a file system logically associates it with another file system so that it can be referenced from within the other file system
  • unmounting a file system logically dissociates it from another file system so that it can no longer be referenced from within the other file system.
  • the term “mount operation”, as used generically herein, refers to either of these operations, as well as any other operation that changes the logical association of a first file system with a second file system (as by moving the mount point within the second file system or to a different file system).
  • the present invention is directed to the problem of controlling just which users are allowed to initiate a particular mount operation in a computer system.
  • the problem is presented below as it exists in the UNIX System Services (USS) component of the IBM OS/390 and z/OS operating systems, however a similar problem would exist in other systems as well.
  • USS UNIX System Services
  • each user authenticated to the system has a user ID (UID) identifying the specific user, as well as a group ID (ID) identifying a group of which the user is a member. These IDs determine what a given user can do with a given system resource.
  • the UID of 0 is assigned to what is known as a root user or superuser, and a user authenticated to the system with the UID of 0 is said to have root or superuser authority. Since such a superuser has extremely broad authority to access and update system resources, security dictates that the number of persons allowed to be superusers be kept quite small.
  • UNIX System Services supports two ways of granting authority to users to perform mount operations.
  • a user with at least read access to a resource SUPERUSER.FILESYS.MOUNT as defined by a resource profile of that name, can also mount and unmount file systems; such a user has superuser authority for mount operations, even though he may not have superuser authority generally.
  • the present invention relates to a mechanism for allowing non-root users the ability to perform mount operations on file systems, especially on a UNIX-based platform. More particularly, the present invention contemplates a method and apparatus for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation.
  • a determination is made of whether the user has general authority to perform the requested mount operation, either because the user has general superuser authority or because the user has superuser authority for mount operations. If the user has general authority to perform the requested mount operation, the requested mount operation is performed. If the user does not have general authority to perform the requested mount operation, the requested mount operation is performed only if the user has a predetermined access authority to the first file system.
  • the present invention distributes mount authority among users without superuser authority. It thus allows a large UNIX organization to distribute mount privileges to various individuals in the organization on a per file system basis.
  • FIG. 1 shows a first file system before it is mounted in a second file system.
  • FIG. 2 shows the first file system of FIG. 1 after it is mounted in the second file system.
  • FIG. 3 shows an information handling system incorporating the present invention.
  • FIG. 4 shows the security database maintained by the security manager shown in FIG. 3 .
  • FIG. 5 shows a resource profile
  • FIG. 6 shows an access list
  • FIG. 7 shows the procedure for handling a user mount request.
  • FIG. 3 is a schematic block diagram of an information handling system 300 incorporating the present invention.
  • Information handling system 300 comprises a central processor complex (CPC) 302 to which an operator console 304 is attached.
  • CPC 302 contains one or more central processors (CPs) as well as central storage for storing data currently being handled and programs currently being executed.
  • Attached to CPC 302 are storage devices 306 of various types, typically direct access storage devices (DASD) such as fixed disk drives (“hard drives”), diskette drives (“floppy drives”) and the like.
  • DASD direct access storage devices
  • CPC 302 would typically also be attached to various other peripheral input/output (I/O) devices such as printers, communication networks and the like.
  • I/O peripheral input/output
  • Console 304 comprises an input device such as a keyboard for entering operator commands (such as the ones described below) as well as an output device such as a monitor for displaying messages or responses to commands.
  • Console 304 may comprise a personal computer (PC) that is attached to CPC 302 either directly or through a service processor not separately shown.
  • PC personal computer
  • the disclosed embodiment uses a command-line interface in which commands are entered explicitly via a keyboard, other methods of entering commands—e.g., using a mouse and a graphical user interface (GUI)—could be used instead, and the term “command” is to be understood in this generalized sense.
  • GUI graphical user interface
  • CPC 302 Executing on CPC 302 are one or more system images (one of which is shown), each of which comprises an operating system (OS) 308 .
  • OS operating system
  • CPC 302 may comprise an IBM S/390 or eServer zSeries server
  • OS 308 may comprise the IBM OS/390 or z/OS operating system.
  • zSeries and z/OS are recently introduced products having a 64-bit addressing mode; S/390 and OS/390 are predecessor products having 31-bit and 24-bit addressing modes.
  • Each of these operating systems 308 has a UNIX System Services (USS) component 310 (also referred to hereinafter as the UNIX kernel) that performs UNIX functions for user applications 312 executing on the system image.
  • USBS UNIX System Services
  • UNIX kernel 310 contains, among other components, a command interpreter 314 for executing so-called shell commands entered via the operator console 304 .
  • USS component 310 is described more particularly in the IBM publications OS/ 390 UNIX System Services Planning, SC28-1890-09 (March 2000), and z/OS UNIX System Services Planning, GA22-7800-00 (March 2001), incorporated herein by reference.
  • the callable services provided by USS component 310 are described in the IBM publications OS/ 390 UNIX System Services Programming: Assembler Callable Services Reference, SC28-1899-08 (March 2000), and z/OS UNIX System Services Programming: Assembler Callable Services Reference, SA22-7803-00 (March 2001), incorporated herein by reference, while the shell commands executed by USS component 310 (including mount and unmount) are described more particularly in the IBM publications OS/ 390 UNIX System Services Command Reference, SC28-1892-09 (March 2000), and z/OS UNIX System Services Command Reference, SA22-7802-00 (March 2001), incorporated herein by reference.
  • mount operations may be initiated by a user application 312 using one of the callable services mount( ), _mount( ) and unmount( ) provided by the UNIX kernel 3 10 , as described in the above-identified publications OS/ 390 UNIX System Services Programming: Assembler Callable Services Reference and z/OS UNIX System Services Programming: Assembler Callable Services Reference.
  • a user can initiate a mount operation from outside of the UNIX environment by issuing a Time Sharing Options Extended (TSO/E) command MOUNT or UNMOUNT, as described in the above-identified publications OS/ 390 UNIX System Services Command Reference and z/OS UNIX System Services Command Reference. Similar principles would govern the authorization checking in accordance with the present invention for mount requests received through these alternative channels.
  • TSO/E Time Sharing Options Extended
  • UNIX kernel 310 manages their access to and use of various system resources.
  • UNIX kernel 310 uses the services of a system software component 316 referred to herein as a security manager.
  • Security manager 316 authenticates users to the system and controls their access to protected resources through the use of resource profiles to be described stored in a security database 318 .
  • the Resource Access Control Facility (RACF) component of the Security Server element of the IBM OS/390 or z/OS operating system is used.
  • RACF Resource Access Control Facility
  • the RACF component is described more particularly in such IBM publications as OS/ 390 Security Server ( RACF ) General User's Guide, SC28-1917-06 (September 1999), z/OS SecureWay Security Server RACF General User's Guide, SA22-7685-00 (March 2001), OS/ 390 Security Server ( RACF ) Callable Services, GC28-1921-06 (September 1999), and z/OS SecureWay Security Server RACF Callable Services, SA22-7691-00 (March 2001), all of which are incorporated herein by reference.
  • FIG. 4 shows the various profiles used by security manager 316 to control access to protected resources. As shown in the figure, these profiles, which are maintained in the security database 318 , include data set profiles 402 and resource profiles 404 . Each data set 402 profile may be either a discrete profile or a generic profile. Each discrete profile 402 controls access to a single data set that has unique security requirements (such as, for example, a file system), while each generic profile 402 controls access to multiple data sets that have common security requirements.
  • unique security requirements such as, for example, a file system
  • Each resource profile 404 controls access to a general system resource such as disk or tape volumes, program load modules, application resources, terminals and other resources that may be installation defined.
  • resource profiles 404 are organized into classes, one of which (UNIXPRIV) contains profiles that are used to grant UNIX privileges.
  • UNIXPRIV UNIXPRIV
  • One of the profiles in the UNIXPRIV class is the previously mentioned SUPERUSER.FILESYS.MOUNT, which allows a user to perform various mount operations.
  • FIG. 5 shows the contents of a data set profile 402 or a resource profile 404 in the embodiment shown.
  • each profile 402 or 404 contains the name 502 of the data set or resource, the owner 504 of the data set or resource, an access list 506 , a universal access authority (UACC) 507 , and auditing information 508 .
  • UACC universal access authority
  • the access list 506 specifies the access authority for particular users and groups, that is, the access allowed by such users and groups to the data set or resource defined by the profile 402 or 404 .
  • FIG. 6 shows the contents of the access list 506 .
  • the access list 506 contains one or more entries 602 , each of which contains the name 604 of a user or group and the access authority 606 given to that user or group.
  • the access authority for a particular user or group may be NONE, READ, UPDATE, CONTROL, ALTER, or (for programs) EXECUTE.
  • the universal access authority (UACC) 507 specifies the default access authority, that is, the access authority for a user or group not listed in the access list 506 . Like the access authority 606 for a particular user or group, the universal access authority (UACC) 507 may be NONE, READ, UPDATE, CONTROL, ALTER, or (for programs) EXECUTE.
  • FIG. 7 shows the procedure 700 for checking mount authority in accordance with the present invention.
  • the procedure 700 which is performed by the UNIX kernel 310 , is invoked when a user makes a mount or unmount request, as by entering a mount or unmount UNIX shell command (step 702 ).
  • the procedure 700 checks the security manager 316 to determine whether the user has general mount authority, that is, superuser authority for mount operations (step 708 ). This is done by examining the SUPERUSER.FILESYS.MOUNT resource profile 404 in the UNIXPRIV class of the security database 318 and determining whether the user has at least READ access authority (as indicated by the access list 506 and UACC 507 ). If it is determined that the user does have general mount authority (step 710 ), then the procedure 700 grants the mount request and allows the mount to occur (step 706 ).
  • the procedure 700 determines whether the user has mount authority for the specific file system being mounted (step 712 ). This is done by examining the data set profile 402 for the data set corresponding the target file system (i.e., the file system being mounted in or unmounted from the other file system) in the security database 318 and determining whether the user either owns the file system (as indicated by the owner field 502 ) has at least READ access authority to that file system (as indicated by the access list 506 and UACC 507 ); the data set profile 402 examined may be either for the target file system itself or for a data set containing the target file system.
  • the procedure 700 allows the mount to occur (step 706 ); preferably here, the mount is allowed to occur with the setuid option only if the user owns the target file system. If the user does not own the target file system or have at least READ access authority to that file system, then the procedure 700 denies the mount request and does not allow the mount to occur (step 714 ).
  • the access authority checked is for the target file system itself (or for a data set containing the target file system).
  • the user's access authority to the target file system checking his access authority to specific files within that file system. For example, one could determine the owner of the root file within the target file system and, if the user making the mount request is also the owner of that file, then the mount would be allowed without the need for root authority.

Abstract

A method and apparatus for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation. In response to a request by a user to perform a requested mount operation on the first file system, a determination is made of whether the user has general authority to perform the requested mount operation, either because the user has general superuser authority or because the user has superuser authority for mount operations. If the user has general authority to perform the requested mount operation, the requested mount operation is performed. If the user does not have general authority to perform the requested mount operation, the requested mount operation is performed only if the user has a predetermined access authority to the first file system.

Description

BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to a method and apparatus for controlling the performance of a file system mount operation in an information handling system by a user lacking superuser authority. More particularly, it relates to a method and apparatus for controlling the performance of a mount or unmount operation by such a user on a UNIX file system.
2. Description of the Related Art
1. Introductory Discussion
As a preliminary to discussing the problem to which the present invention is directed, it will be useful to discuss some basic notions relating to operating systems, file systems and mount operations.
Operating systems are the software components that perform basic system services for application programs running on a computer system. Among other things, operating systems manage the use by application programs of various system resources such as data files, executable program files, hardware resources such as processors and memory, and the like. An important subset of operating systems is that of UNIX-based operating systems, so called because they conform in varying degrees to a set of standards established by the original operating system of that name created at AT&T Bell Laboratories. UNIX-based operating systems are discussed in more detail in such publications as K. Christian, The UNIX Operating System (1988), and A. S. Tanenbaum, Modern Operating Systems (1992), especially at pages 265–314, both of which publications are incorporated herein by reference.
Operating systems use file systems to organize data and program files so that they may accessed by applications. File systems generally are discussed in the above-identified reference of Tanenbaum (1992) at pages 145–204; UNIX file systems in particular are discussed in the above-identified reference of Christian (1988) at pages 49–62, as well as in Tanenbaum at pages 287–290.
In a hierarchical file system (HFS), files are logically contained in directories, each of which may be either a root directory or a subdirectory contained in a parent directory. Thus, referring to FIG. 1, in an example taken from pages 288–289 of Tanenbaum, a file system 100 on a hard disk may contain a root directory (/), which may contain subdirectories a and b, with subdirectory a in turn containing subdirectories c and d. Subdirectory c may contain files p and q, while subdirectory d may contain a file r. In a similar manner, a file system 102 on a diskette may contain a root directory (/) containing files x, y and z. In general, each directory may contain zero or more subdirectories and zero or more files. To uniquely specify a file within a given hierarchical file system, the full path name, with the chain of subdirectories from the root directory, is used. Thus, file r is more fully identified as /a/d/r.
In each of the file systems 100 and 102, the root directory of the file system is the root directory on the corresponding drive. More generally, any directory on a drive, along with its dependent directories and files, can be regarded as a file system in its own right. This, on the hard disk in FIG. 1, the file system /a would contain files p, q and r, while the file system /a/d would contain file r.
Hierarchical file systems have the advantage over “flat” file systems that they allow one to keep related files with one another and separated from unrelated files. However, one will note that in FIG. 1 there is no logical association between hard disk file system 100 and the diskette file system 102; rather, they are separate file systems with their separate directory structures. Thus, to fully specify one of the files shown in FIG. 1, a user would have to identify not only the location of the file within its file system (using the path name as indicated above), but also the file system (usually by a drive letter) as well. Accordingly, if H: were the drive letter associated with the hard disk file system 100 and D: were the drive letter associated with the diskette file system 100, file r might be fully specified as H:/a/d/r, while file x might be fully specified as D:/x.
To avoid this need to specify a file system, UNIX employs a concept known as mounting, in which an entire first file system is placed (or “mounted”, to use the UNIX terminology) with its hierarchical tree structure intact in a directory of a second file system, so that all files can be referenced from within a single file system. Thus, the file system 102 of FIG. 1 can be placed in subdirectory b (the “mount point”) to create the single file system 200 shown in FIG. 2. In this single file system 200, file r can be referenced as /a/d/r, and file x as /b/x, without any need to specify a file system.
The mount operation described above would typically be initiated by a user entering a shell command known as a mount command from a keyboard of an operator console or the user's workstation. To reverse the mount operation, the user would enter an unmount command.
To summarize, mounting a file system logically associates it with another file system so that it can be referenced from within the other file system, while unmounting a file system logically dissociates it from another file system so that it can no longer be referenced from within the other file system. The term “mount operation”, as used generically herein, refers to either of these operations, as well as any other operation that changes the logical association of a first file system with a second file system (as by moving the mount point within the second file system or to a different file system).
2. Problem Statement
The present invention is directed to the problem of controlling just which users are allowed to initiate a particular mount operation in a computer system. The problem is presented below as it exists in the UNIX System Services (USS) component of the IBM OS/390 and z/OS operating systems, however a similar problem would exist in other systems as well.
In UNIX-based operating systems, each user authenticated to the system has a user ID (UID) identifying the specific user, as well as a group ID (ID) identifying a group of which the user is a member. These IDs determine what a given user can do with a given system resource. The UID of 0 is assigned to what is known as a root user or superuser, and a user authenticated to the system with the UID of 0 is said to have root or superuser authority. Since such a superuser has extremely broad authority to access and update system resources, security dictates that the number of persons allowed to be superusers be kept quite small.
Currently UNIX System Services supports two ways of granting authority to users to perform mount operations. Thus, a user with root authority (UID=0) can perform mount operations, since that is one attribute of his broad superuser authority. In addition, a user with at least read access to a resource SUPERUSER.FILESYS.MOUNT, as defined by a resource profile of that name, can also mount and unmount file systems; such a user has superuser authority for mount operations, even though he may not have superuser authority generally. This use of the SUPERUSER.FILESYS.MOUNT resource profile to control mount operations is described in such IBM publications as OS/390 UNIX System Services Planning, SC28-1890-09 (March 2000), and OS/390 UNIX System Services Command Reference, SC28-1892-09 (March 2000), both of which are incorporated herein by reference.
Both of these approaches give the user authority to perform mount operations on all file systems. However, in large UNIX installation there may be several different departments or organizations. It would be useful if particular subsets of users at such installations could perform mount operations on their own file systems. Under the authorization scheme described above, though, this is not possible without giving such users general mount authority (either general superuser authority or superuser authority for mount operations), which would let them perform mount operations other file systems as well.
SUMMARY OF THE INVENTION
The present invention relates to a mechanism for allowing non-root users the ability to perform mount operations on file systems, especially on a UNIX-based platform. More particularly, the present invention contemplates a method and apparatus for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation. In response to a request by a user to perform a requested mount operation on the first file system, a determination is made of whether the user has general authority to perform the requested mount operation, either because the user has general superuser authority or because the user has superuser authority for mount operations. If the user has general authority to perform the requested mount operation, the requested mount operation is performed. If the user does not have general authority to perform the requested mount operation, the requested mount operation is performed only if the user has a predetermined access authority to the first file system.
The present invention distributes mount authority among users without superuser authority. It thus allows a large UNIX organization to distribute mount privileges to various individuals in the organization on a per file system basis.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a first file system before it is mounted in a second file system.
FIG. 2 shows the first file system of FIG. 1 after it is mounted in the second file system.
FIG. 3 shows an information handling system incorporating the present invention.
FIG. 4 shows the security database maintained by the security manager shown in FIG. 3.
FIG. 5 shows a resource profile.
FIG. 6 shows an access list.
FIG. 7 shows the procedure for handling a user mount request.
 DESCRIPTION OF THE PREFERRED EMBODIMENT
FIG. 3 is a schematic block diagram of an information handling system 300 incorporating the present invention. Information handling system 300 comprises a central processor complex (CPC) 302 to which an operator console 304 is attached. As is well known in the art, CPC 302 contains one or more central processors (CPs) as well as central storage for storing data currently being handled and programs currently being executed. Attached to CPC 302 are storage devices 306 of various types, typically direct access storage devices (DASD) such as fixed disk drives (“hard drives”), diskette drives (“floppy drives”) and the like. Although not shown in FIG. 3, CPC 302 would typically also be attached to various other peripheral input/output (I/O) devices such as printers, communication networks and the like.
Console 304 comprises an input device such as a keyboard for entering operator commands (such as the ones described below) as well as an output device such as a monitor for displaying messages or responses to commands. Console 304 may comprise a personal computer (PC) that is attached to CPC 302 either directly or through a service processor not separately shown. Although the disclosed embodiment uses a command-line interface in which commands are entered explicitly via a keyboard, other methods of entering commands—e.g., using a mouse and a graphical user interface (GUI)—could be used instead, and the term “command” is to be understood in this generalized sense.
Executing on CPC 302 are one or more system images (one of which is shown), each of which comprises an operating system (OS) 308. Although the invention is not limited to any particular platform, in the embodiment shown CPC 302 may comprise an IBM S/390 or eServer zSeries server, while OS 308 may comprise the IBM OS/390 or z/OS operating system. (zSeries and z/OS are recently introduced products having a 64-bit addressing mode; S/390 and OS/390 are predecessor products having 31-bit and 24-bit addressing modes.) Each of these operating systems 308 has a UNIX System Services (USS) component 310 (also referred to hereinafter as the UNIX kernel) that performs UNIX functions for user applications 312 executing on the system image. UNIX kernel 310 contains, among other components, a command interpreter 314 for executing so-called shell commands entered via the operator console 304.
USS component 310 is described more particularly in the IBM publications OS/390 UNIX System Services Planning, SC28-1890-09 (March 2000), and z/OS UNIX System Services Planning, GA22-7800-00 (March 2001), incorporated herein by reference. The callable services provided by USS component 310 are described in the IBM publications OS/390 UNIX System Services Programming: Assembler Callable Services Reference, SC28-1899-08 (March 2000), and z/OS UNIX System Services Programming: Assembler Callable Services Reference, SA22-7803-00 (March 2001), incorporated herein by reference, while the shell commands executed by USS component 310 (including mount and unmount) are described more particularly in the IBM publications OS/390 UNIX System Services Command Reference, SC28-1892-09 (March 2000), and z/OS UNIX System Services Command Reference, SA22-7802-00 (March 2001), incorporated herein by reference.
The present discussion is principally with reference to mount operations performed in response to the mount and unmount UNIX shell commands. However, the invention is not limited to mount operations initiated in this manner, and other means could be used instead. Thus, in the system 300 shown, mount operations may be initiated by a user application 312 using one of the callable services mount( ), _mount( ) and unmount( ) provided by the UNIX kernel 3 10, as described in the above-identified publications OS/390 UNIX System Services Programming: Assembler Callable Services Reference and z/OS UNIX System Services Programming: Assembler Callable Services Reference. In addition, in the system 300 shown a user can initiate a mount operation from outside of the UNIX environment by issuing a Time Sharing Options Extended (TSO/E) command MOUNT or UNMOUNT, as described in the above-identified publications OS/390 UNIX System Services Command Reference and z/OS UNIX System Services Command Reference. Similar principles would govern the authorization checking in accordance with the present invention for mount requests received through these alternative channels.
In addition to performing various system services for applications 312, UNIX kernel 310 manages their access to and use of various system resources. To assist it in this respect, UNIX kernel 310 uses the services of a system software component 316 referred to herein as a security manager. Security manager 316 authenticates users to the system and controls their access to protected resources through the use of resource profiles to be described stored in a security database 318. Although the particular choice of security manager 316 forms no part of the present invention, in the disclosed embodiment the Resource Access Control Facility (RACF) component of the Security Server element of the IBM OS/390 or z/OS operating system is used. The RACF component is described more particularly in such IBM publications as OS/390 Security Server (RACF) General User's Guide, SC28-1917-06 (September 1999), z/OS SecureWay Security Server RACF General User's Guide, SA22-7685-00 (March 2001), OS/390 Security Server (RACF) Callable Services, GC28-1921-06 (September 1999), and z/OS SecureWay Security Server RACF Callable Services, SA22-7691-00 (March 2001), all of which are incorporated herein by reference.
FIG. 4 shows the various profiles used by security manager 316 to control access to protected resources. As shown in the figure, these profiles, which are maintained in the security database 318, include data set profiles 402 and resource profiles 404. Each data set 402 profile may be either a discrete profile or a generic profile. Each discrete profile 402 controls access to a single data set that has unique security requirements (such as, for example, a file system), while each generic profile 402 controls access to multiple data sets that have common security requirements.
Each resource profile 404, on the other hand, controls access to a general system resource such as disk or tape volumes, program load modules, application resources, terminals and other resources that may be installation defined. As described in the RACF publications referred to above, in the particular security manager 316 shown, resource profiles 404 are organized into classes, one of which (UNIXPRIV) contains profiles that are used to grant UNIX privileges. One of the profiles in the UNIXPRIV class is the previously mentioned SUPERUSER.FILESYS.MOUNT, which allows a user to perform various mount operations.
FIG. 5 shows the contents of a data set profile 402 or a resource profile 404 in the embodiment shown. As shown in the figure, each profile 402 or 404 contains the name 502 of the data set or resource, the owner 504 of the data set or resource, an access list 506, a universal access authority (UACC) 507, and auditing information 508.
The access list 506 specifies the access authority for particular users and groups, that is, the access allowed by such users and groups to the data set or resource defined by the profile 402 or 404. FIG. 6 shows the contents of the access list 506. As shown in the figure, the access list 506 contains one or more entries 602, each of which contains the name 604 of a user or group and the access authority 606 given to that user or group. In the embodiment shown, the access authority for a particular user or group may be NONE, READ, UPDATE, CONTROL, ALTER, or (for programs) EXECUTE.
The universal access authority (UACC) 507 specifies the default access authority, that is, the access authority for a user or group not listed in the access list 506. Like the access authority 606 for a particular user or group, the universal access authority (UACC) 507 may be NONE, READ, UPDATE, CONTROL, ALTER, or (for programs) EXECUTE.
FIG. 7 shows the procedure 700 for checking mount authority in accordance with the present invention. The procedure 700, which is performed by the UNIX kernel 310, is invoked when a user makes a mount or unmount request, as by entering a mount or unmount UNIX shell command (step 702). Upon receiving such a request, the procedure 700 determines, by checking the user ID of the requester, whether the user has general superuser, or root, authority (UID=0) (step 704). If so, then the procedure 700 grants the mount request and allows the mount to occur (step 706).
If at step 704 it is determined that the user does not have general superuser authority, then the procedure 700 checks the security manager 316 to determine whether the user has general mount authority, that is, superuser authority for mount operations (step 708). This is done by examining the SUPERUSER.FILESYS.MOUNT resource profile 404 in the UNIXPRIV class of the security database 318 and determining whether the user has at least READ access authority (as indicated by the access list 506 and UACC 507). If it is determined that the user does have general mount authority (step 710), then the procedure 700 grants the mount request and allows the mount to occur (step 706).
As described in the UNIX System Services publications referred to above, the particular level of access authority the user has determines whether the mount operation is permitted to occur with the setuid option, in which the setuid bits of files in the file system being mounted are given effect, or only with the nosetuid option, in which the setuid bits of files in the file system being mounted are ignored. If the user has READ access to the SUPERUSER.FILESYS.MOUNT resource, the mount operation is permitted to occur with the nosetuid option only; if, on the other hand, the user has UPDATE access, the mount operation is also permitted to occur with the setuid option. (The setuid bit is also discussed in Tanenbaum, supra, at pages 283–284 and in Christian, supra, at pages 344–345. The setuid/nosetuid option as it applies to mount operations is also described in D. A. Curry, UNIX System Security (1992), incorporated by reference herein, at pages 96–97.)
If at step 710 it is determined that the user does not have general mount authority, the procedure 700 determines whether the user has mount authority for the specific file system being mounted (step 712). This is done by examining the data set profile 402 for the data set corresponding the target file system (i.e., the file system being mounted in or unmounted from the other file system) in the security database 318 and determining whether the user either owns the file system (as indicated by the owner field 502) has at least READ access authority to that file system (as indicated by the access list 506 and UACC 507); the data set profile 402 examined may be either for the target file system itself or for a data set containing the target file system. If the user does own the target file system or have at least READ access authority to that file system, then the procedure 700 allows the mount to occur (step 706); preferably here, the mount is allowed to occur with the setuid option only if the user owns the target file system. If the user does not own the target file system or have at least READ access authority to that file system, then the procedure 700 denies the mount request and does not allow the mount to occur (step 714).
In the embodiment shown, the access authority checked is for the target file system itself (or for a data set containing the target file system). Alternatively, one could determine the user's access authority to the target file system checking his access authority to specific files within that file system. For example, one could determine the owner of the root file within the target file system and, if the user making the mount request is also the owner of that file, then the mount would be allowed without the need for root authority.
While a particular embodiment has been shown and described, various modifications will be apparent to those skilled in the art. Thus, while the description made particular reference to UNIX-based operating systems, the invention could be used in other operating systems as well.

Claims (21)

1. A method for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation, the method comprising the steps of:
specifying a subset of users having a predetermined access authority to the first file system;
in response to a request by a user to perform a requested mount operation on the first file system, determining whether the user has general authority to perform the requested mount operation;
if the user has general authority to perform the requested mount operation, performing the requested mount operation; and
if the user does not have general authority to perform the requested mount operation,
determining whether the user is one of the subset of users having the predetermined access authority to the first file system; and
performing the requested mount operation if the user is one of the subset of users having the predetermined access authority to the first file system.
2. The method of claim 1 in which the requested mount operation logically associates the first file system with the second file system.
3. The method of claim 1 in which the requested mount operation logically dissociates the first file system from the second file system.
4. The method of claim 1 in which the step of determining whether the user has general authority to perform the requested mount operation comprises the step of determining whether the user has general superuser authority.
5. The method of claim 1 in which the step of determining whether the user has general authority to perform the requested mount operation comprises the step of determining whether the user has superuser authority for mount operations.
6. Apparatus for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation, comprising:
means for specifying a subset of users having a predetermined access authority to the first file system;
means responsive to a request by a user to perform a requested mount operation on the first file system for determining whether the user has general authority to perform the requested mount operation;
means for performing the requested mount operation if the user has general authority to perform the requested mount operation; and
means for:
determining whether the user is one of the subset of users having the predetermined access authority to the first file system; and
performing the requested mount operation if the user is one of the subset of users having the predetermined access authority to the first file system if the user does not have general authority to perform the requested mount operation.
7. The apparatus of claim 6 in which the requested mount operation logically associates the first file system with the second file system.
8. The apparatus of claim 6 in which the requested mount operation logically dissociates the first file system from the second file system.
9. The apparatus of claim 6 in which the means for determining whether the user has general authority to perform the requested mount operation comprises means for determining whether the user has general superuser authority.
10. The apparatus of claim 6 in which the means for determining whether the user has general authority to perform the requested mount operation comprises means for determining whether the user has superuser authority for mount operations.
11. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for controlling the performance of a mount operation changing the logical association of a first file system with a second file system of an information handling system by a user who may not have general authority to perform such a mount operation, the method steps comprising:
specifying a subset of users having a predetermined access authority to the first file system;
in response to a request by a user to perform a requested mount operation on the first file system, determining whether the user has general authority to perform the requested mount operation;
if the user has general authority to perform the requested mount operation, performing the requested mount operation; and
if the user does not have general authority to perform the requested mount operation,
determining whether the user is one of the subset of users having the predetermined access authority to the first file system; and
performing the requested mount operation if the user is one of the subset of users having the predetermined access authority to the first file system.
12. The program storage device of claim 11 in which the requested mount operation logically associates the first file system with the second file system.
13. The program storage device of claim 11 in which the requested mount operation logically dissociates the first file system from the second file system.
14. The program storage device of claim 11 in which the step of determining whether the user has general authority to perform the requested mount operation comprises the step of determining whether the user has general superuser authority.
15. The program storage device of claim 11 in which the step of determining whether the user has general authority to perform the requested mount operation comprises the step of determining whether the user has superuser authority for mount operations.
16. The method of claim 1 in which the file system has an owner and the specified subset of users is the owner of the first file system.
17. The method of claim 1 in which the specified subset of users is the set of users having read access authority to the first file system.
18. The apparatus of claim 6 in which the file system has an owner and the specified subset of users is the owner of the first file system.
19. The apparatus of claim 6 in which the specified subset of users is the set of users having read access authority to the first file system.
20. The program storage device of claim 11 in which the file system has an owner and the specified subset of users is the owner of the first file system.
21. The program storage device of claim 11 in which the specified subset of users is the set of users having read access authority to the first file system.
US09/922,618 2001-08-06 2001-08-06 Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority Active 2024-05-31 US7062660B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/922,618 US7062660B2 (en) 2001-08-06 2001-08-06 Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/922,618 US7062660B2 (en) 2001-08-06 2001-08-06 Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority

Publications (2)

Publication Number Publication Date
US20030028508A1 US20030028508A1 (en) 2003-02-06
US7062660B2 true US7062660B2 (en) 2006-06-13

Family

ID=25447334

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/922,618 Active 2024-05-31 US7062660B2 (en) 2001-08-06 2001-08-06 Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority

Country Status (1)

Country Link
US (1) US7062660B2 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10916889B1 (en) 2019-07-29 2021-02-09 International Business Machines Corporation Management of securable computing resources
US11210427B2 (en) 2019-07-29 2021-12-28 International Business Machines Corporation Management of securable computing resources
US11341278B2 (en) 2019-07-29 2022-05-24 International Business Machines Corporation Management of securable computing resources
US11341279B2 (en) 2019-07-29 2022-05-24 International Business Machines Corporation Management of securable computing resources
US11531787B2 (en) 2019-07-29 2022-12-20 International Business Machines Corporation Management of securable computing resources
US11669602B2 (en) 2019-07-29 2023-06-06 International Business Machines Corporation Management of securable computing resources

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8290901B2 (en) * 2005-03-07 2012-10-16 Novell, Inc. Techniques for remote resource mounting
JP4636320B2 (en) * 2005-04-15 2011-02-23 ソニー株式会社 Video camera and mount control method
US9170904B1 (en) * 2008-06-30 2015-10-27 Emc Corporation I/O fault injection using simulated computing environments
CN102981835B (en) * 2012-11-02 2015-06-10 福州博远无线网络科技有限公司 Android application program permanent Root permission acquiring method
GB2515736A (en) * 2013-07-01 2015-01-07 Ibm Controlling access to one or more datasets of an operating system in use
US10496598B2 (en) * 2015-09-29 2019-12-03 Blackberry Limited Data access control based on storage validation

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0325777A2 (en) 1988-01-28 1989-08-02 International Business Machines Corporation A distributed auditing subsystem for an operating system
GB2228599A (en) 1989-02-24 1990-08-29 Sun Microsystems Inc Method and apparatus for per process mounting of file systems in a hierarchial file system environment
US5001628A (en) 1987-02-13 1991-03-19 International Business Machines Corporation Single system image uniquely defining an environment for each user in a data processing system
JPH05250249A (en) 1992-03-06 1993-09-28 Kobe Nippon Denki Software Kk System for managing remote file system by super root directory
JPH086839A (en) 1994-06-20 1996-01-12 Nec Corp Distributed file system
US5838916A (en) 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server
US5946685A (en) 1997-06-27 1999-08-31 Sun Microsystems, Inc. Global mount mechanism used in maintaining a global name space utilizing a distributed locking mechanism
US6052785A (en) 1997-11-21 2000-04-18 International Business Machines Corporation Multiple remote data access security mechanism for multitiered internet computer networks

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5001628A (en) 1987-02-13 1991-03-19 International Business Machines Corporation Single system image uniquely defining an environment for each user in a data processing system
EP0325777A2 (en) 1988-01-28 1989-08-02 International Business Machines Corporation A distributed auditing subsystem for an operating system
GB2228599A (en) 1989-02-24 1990-08-29 Sun Microsystems Inc Method and apparatus for per process mounting of file systems in a hierarchial file system environment
JPH05250249A (en) 1992-03-06 1993-09-28 Kobe Nippon Denki Software Kk System for managing remote file system by super root directory
JPH086839A (en) 1994-06-20 1996-01-12 Nec Corp Distributed file system
US5838916A (en) 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server
US5838910A (en) 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server at an internet site
US6115741A (en) 1996-03-14 2000-09-05 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server
US5946685A (en) 1997-06-27 1999-08-31 Sun Microsystems, Inc. Global mount mechanism used in maintaining a global name space utilizing a distributed locking mechanism
US6052785A (en) 1997-11-21 2000-04-18 International Business Machines Corporation Multiple remote data access security mechanism for multitiered internet computer networks

Non-Patent Citations (16)

* Cited by examiner, † Cited by third party
Title
Lee, "How to Mount/Unmount for Users," Linux Gazette, Issue #17, May 1997. *
Man et al., "Chapter 4: Filesystem Restrictions," Linux System Security: The Administrator's Guide to Open Source Secrity Tools, Pearson Educational Publishers, Sep. 18, 2002. *
Modern Operating Systems, A.S. Tannenbaum, 1992, pp. 265-314.
OS/390 Security Server (RACF) Callable Services, Sep. 1999, GC28-1921-06.
OS/390 Security Server (RACF) General User's Guide, Sep. 1999, SC28-1917-06.
OS/390 UNIX System Services Command Reference, Mar. 2000, SC28-1892-09.
OS/390 UNIX System Services Planning, Mar. 2000, SC28-1890-09.
OS/390 UNIX System Services Programming: Assembler Callable Services Reference, Mar. 2000, SA22-7803-00.
The UNIX Operating System, K. Christian, 1988, pp. 49-62 and pp. 344-345.
UNIX System Security, D.A. Curry, 1992, pp. 96-97.
z/OS Secure Way Security Server (RACF) Callable Services, Mar. 2001, SA22-7691-00.
z/OS Secure Way Security Server (RACF) General User's Guide, Mar. 2001, SA22-7685-00.
z/OS UNIX System Services; Security Sampler, Jul. 2001; pp. 1-19.
z/OS UNIX Systems Services Command Reference, Mar. 2001, SA22-7802-00.
z/OS UNIX Systems Services Programming: Assembler Callable Services Reference, Mar. 2001, SA22-7803-00.
zOS UNIX System Services Planning, Mar. 2001, GA22-7800-00.

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10916889B1 (en) 2019-07-29 2021-02-09 International Business Machines Corporation Management of securable computing resources
US11210427B2 (en) 2019-07-29 2021-12-28 International Business Machines Corporation Management of securable computing resources
US11341278B2 (en) 2019-07-29 2022-05-24 International Business Machines Corporation Management of securable computing resources
US11341279B2 (en) 2019-07-29 2022-05-24 International Business Machines Corporation Management of securable computing resources
US11531787B2 (en) 2019-07-29 2022-12-20 International Business Machines Corporation Management of securable computing resources
US11669602B2 (en) 2019-07-29 2023-06-06 International Business Machines Corporation Management of securable computing resources

Also Published As

Publication number Publication date
US20030028508A1 (en) 2003-02-06

Similar Documents

Publication Publication Date Title
US5675782A (en) Controlling access to objects on multiple operating systems
US5913227A (en) Agent-implemented locking mechanism
US6993581B1 (en) Method and apparatus for providing secure access to a computer system resource
KR100381503B1 (en) Management of a concurrent use license in a logically-partitioned computer
US5761669A (en) Controlling access to objects on multiple operating systems
US6289458B1 (en) Per property access control mechanism
US7219234B1 (en) System and method for managing access rights and privileges in a data processing system
EP0803101B1 (en) A mechanism for linking together the files of emulated and host system for access by emulated system users
US6910041B2 (en) Authorization model for administration
US6766397B2 (en) Controlling access to a storage device
US7185192B1 (en) Methods and apparatus for controlling access to a resource
US6026402A (en) Process restriction within file system hierarchies
US7320074B2 (en) Apparatus and method for using a directory service for authentication and authorization to access resources outside of the directory service
US8122484B2 (en) Access control policy conversion
US20020078365A1 (en) Method for securely enabling an application to impersonate another user in an external authorization manager
EP0398645A2 (en) System for controlling access privileges
US7475199B1 (en) Scalable network file system
US20030135755A1 (en) System and method for granting access to resources
US7062660B2 (en) Method and apparatus for controlling the performance of a file system mount operation by a user lacking superuser authority
JPH0793263A (en) Method for management of variable-authority-level user access to plurality of resource objects inside distributed data processor
US20030172069A1 (en) Access management server, disk array system, and access management method thereof
US7257580B2 (en) Method, system, and program for restricting modifications to allocations of computational resources
EP0817001B1 (en) Flexible mounting and unmounting of user removable media
JPH06214863A (en) Information resource managing device
JP4084850B2 (en) Safety device and safety management method for data processing system

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:QUINLAN, JOSEPH;REEL/FRAME:012082/0961

Effective date: 20010806

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: TWITTER, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:032075/0404

Effective date: 20131230

REMI Maintenance fee reminder mailed
FPAY Fee payment

Year of fee payment: 8

SULP Surcharge for late payment

Year of fee payment: 7

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.)

FEPP Fee payment procedure

Free format text: 11.5 YR SURCHARGE- LATE PMT W/IN 6 MO, LARGE ENTITY (ORIGINAL EVENT CODE: M1556)

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553)

Year of fee payment: 12

AS Assignment

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: SECURITY INTEREST;ASSIGNOR:TWITTER, INC.;REEL/FRAME:062079/0677

Effective date: 20221027

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: SECURITY INTEREST;ASSIGNOR:TWITTER, INC.;REEL/FRAME:061804/0086

Effective date: 20221027

Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND

Free format text: SECURITY INTEREST;ASSIGNOR:TWITTER, INC.;REEL/FRAME:061804/0001

Effective date: 20221027